LDAP
The LDAP connector allows data synchronization between RAC/M Identity and LDAP (Lightweight Directory Access Protocol) directories such as Active Directory.
Configuration
Configuration | Description |
---|---|
Host | The server address. |
TCP Port | The server's TCP port. |
SSL | true or false to enable or disable SSL. |
Principal | The administrator's identifier to connect with. For example, CN=Administrator,CN=Users,DC=MyHost,DC=local. |
Password | The password to connect to the server. |
LDAP Filter for Accounts to Synchronize | Optional LDAP filter for objects to synchronize. If you specify a filter, an object will only be synchronized if it matches the filter and includes a synchronized object class. |
Account Object Classes | One or more object classes to use when creating new user objects in the LDAP tree. |
UID Attribute | UID attribute. |
Base Contexts | Base context from which to explore the LDAP tree. For example, DC=MyHost,DC=local. |
Password Hashing Algorithm | The hashing algorithm for the directory password. For example, SHA. |
Force password change at next log-on | true or false to force the change. |
The waiting period for password change at the next login. | The waiting period for password change at the next login. |
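
The rule in the "LDAP Filter for Accounts to Synchronize" row, as an added example that is not RAC/M Identity or connector code: a small Python evaluator for a subset of LDAP filter syntax, run over constructed entries. The `object_classes` parameter is hypothetical and assumes "a synchronized object class" means any class in the list you pass; the sample shows that an Active Directory computer account, which also carries objectClass=user, is synchronized unless the filter excludes it.

```python
# Added example, not the connector's matcher. Handles only AND/OR/NOT,
# equality and presence from RFC 4515; substrings and escapes are rejected.
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:max(end, i)].partition("=")
        if not (attr and sep) or (value != "*" and set("(*\\") & set(value)):
            raise ValueError(f"malformed or unsupported item at offset {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, e):
    """Evaluate a parsed filter against an entry with lower-cased keys/values."""
    if node[0] == "=":
        values = e.get(node[1], [])
        return bool(values) if node[2] == "*" else node[2] in values
    r = [matches(k, e) for k in node[1]]
    return not r[0] if node[0] == "!" else all(r) if node[0] == "&" else any(r)

def is_synchronized(entry, account_filter, object_classes):
    """Table rule: filter AND class. Assumes any configured class qualifies."""
    e = {k.lower(): [v.lower() for v in vs] for k, vs in entry.items()}
    if not {c.lower() for c in object_classes} & set(e.get("objectclass", [])):
        return False
    if not account_filter:
        return True
    node, end = parse(account_filter)
    if end != len(account_filter):
        raise ValueError("trailing characters after filter")
    return matches(node, e)

# Constructed sample entries. AD computer accounts also carry objectClass=user.
ALICE = {"objectClass": ["top", "person", "user"], "department": ["Finance"]}
PC01 = {"objectClass": ["top", "person", "user", "computer"], "department": ["Finance"]}
FILTER = "(&(department=Finance)(!(objectClass=computer)))"
```

Running a candidate filter through a check like this before saving it shows which entries fall inside the synchronization scope, and a malformed filter fails loudly instead of silently widening or emptying that scope.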
Additional Configuration
Password Synchronization via AD Connect
For password synchronization to take place when the password of an existing account is changed, the following configuration is required so that AD Connect detects the change.
To ensure that the change is detected, the value pwdLastSet must first be changed to -1 via a module, and then the ICF connector will trigger this change during the call to 0 if the configuration for forcing the password change at the next login is set to true and the waiting period for the password change at the next login is set to at least 100 ms.